package com.cryptooj.project.config;

import org.springframework.boot.autoconfigure.session.DefaultCookieSerializerCustomizer;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.session.MapSessionRepository;
import org.springframework.session.SessionRepository;
import org.springframework.session.config.annotation.web.http.EnableSpringHttpSession;
import org.springframework.session.web.http.DefaultCookieSerializer;

import java.util.concurrent.ConcurrentHashMap;

@Configuration
@EnableSpringHttpSession
public class SessionConfig {

    @Bean
    public SessionRepository sessionRepository() {
        return new MapSessionRepository(new ConcurrentHashMap<>());
    }


    @Bean
    DefaultCookieSerializerCustomizer cookieSerializerCustomizer() {
        return cookieSerializer -> {
            // Nginx 代理后，浏览器看到的是同站请求，不再需要为跨域进行特殊配置
            // 移除 Secure 和 SameSite=None，以支持 HTTP
            cookieSerializer.setSameSite("Lax"); // "Lax" 是现代浏览器推荐的默认值，能提供较好的安全性
            cookieSerializer.setUseSecureCookie(false); // 关键：允许在非HTTPS连接下设置Cookie
        };
    }
}